Follow me on instagram @localfileinclusion--------------------------------------------------------------Okay, Cross Site Scripting or (XSS) is a vulnerability found in Web Applications, Usually found on forums or (SearchBars). XSS uses something called (JavaScript). JavaScript or (JS) is a (HighLevel) Language. now let's cut to the fun part, there's many types of XSS we're going over the most famous 2-------------------------------------------------------------------------------------------------------------------------------1.Reflective XSS, rXSS is when you find a search bar for example and use a payload such as, <script>alert("XSS"), that's a basic script alert payload, now most websites sanitize "<script" so what we could do is something called a WAF bypass or Web Application Firewall Bypass, this payload would look like "><script>alert("XSS");</script> or my favorite vector the SVG <svg/onload=alert(xss)>------------------------------------------------------------------------------------------------------------------------------------2.Persistent XSS, pXSS would be self explanitory, it stays on that webpage, most people would use a vector like <script>alert("document.cookie")</script>, where would they put this you may ask? on somewhere people click on, so like a forum post, in the comment's if HTML characters aren't sanitized, you could really damage a forum--------------------------------------------------------------------------------------------------------------------------------------That'll conclude this topic, next topic will be a Mass XSS Scan tool.follow @localfileinclusion on instagram for help, Peace!